Friday, 12 February 2021


Broadcast-listener is a interesting NSE script that listens on a network for devices that are broadcasting and provides some information on what in particular is broadcasting.


#nmap --script broadcast-listener -e <interface name>

if you need to quickly find the name of your interface type

#tcpdump -D


Hosts on a network are broadcasting all the time.  Attempting to determine "who is who in the zoo."  Where broadcast listener comes in handy is that it attempts, and fairly accurately, tells us what type of broadcasting is occurring.  The packets from these broadcasters are analyzed and the output reflects this data.

Above you will see the output for a network.  The colours correspond with numbers that show up multiple times.

 Important to note that UDP decoders are triggered by destination port and ether decoders are triggered by pattern match.

Protocols present in this image

SSDP = Simple Service Discovery Protocol (Network protocol for advertisement and discovery of network services and presence information)

MDNS = Multi Cast DNS(Protocol that resolves hostnames to IP addresses within small networks that do not include local name server)

NetBIOS = Network Basic Input/Output System (Provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network)  it is not a protocol it is an API



No comments:

Post a comment